Security Best Practices

In this section, you’ll find general best practices for protecting your node. This section also offers recommendations for how incidents can be handled to provide optimal support for delegators.

Node security is the responsibility of its administrator, not Exocore or its contributors. The following suggestions are best practices but proper, hardened security measures extend behind these items below.

Protecting Private Keys

Account private keys

These are easy to protect by simply using a strong password with a file keyring backend. Do NOT use the test keyring backend for anything other than tests. The pass backend offers even better security.

Validator private key

Appropriate permissions

chmod 600 $HOMEDIR/config/priv_validator_key.json
chown exocoreuser:exocoreuser $HOMEDIR/config/priv_validator_key.json

See Validator Key Management System

OS updates

It is important to keep your underlying OS up-to-date. See here for Ubuntu and here for Amazon Linux.

Others

As previously described, it is advised to use a non-root account and activate your firewall. Similar suggestions include to disable root login over SSH and disable password over SSH.

PreviousManaging The Validator NextRisks & Mitigation

Last updated 2 months ago